US, UK and Australia accuse Iran of exploiting Fortinet and Exchange vulnerabilities

Authorities in the United States, United Kingdom, and Australia have asked administrators to immediately patch four vulnerabilities (CVE-2021-34473, CVE-2020-12812, CVE-2019-5591, and CVE-2018-13379) after attributing certain attacks that used them to Iran-backed attackers.

“The FBI and CISA have noted that this Iranian government-backed APT group has been exploiting vulnerabilities in Fortinet since at least March 2021, as well as a Microsoft Exchange ProxyShell vulnerability since October 2021, in order to gain initial access to systems prior to the following operations, which include the deployment of ransomware,” said a joint statement.

“The Australian Cyber Security Center is also aware that this APT group used the same Microsoft Exchange vulnerability in Australia.”

Rather than targeting a certain sector of the economy, authorities said, the attackers simply focus on exploiting vulnerabilities wherever possible and, after exploitation, try to turn that initial access into data exfiltration, a ransomware attack or extortion.

After using the Fortinet and Exchange vulnerabilities to gain access, the attackers added tasks to the Windows Task Scheduler and created new accounts on domain controllers and other systems, named to resemble existing accounts, in order to maintain access. The next step was to activate BitLocker, leave a ransom note, and exfiltrate the data via FTP.
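One way to hunt for the persistence pattern described above is to compare newly created account names against a baseline of known accounts and then follow what the flagged accounts do. The sketch below is an added example, not code from the advisory or this article; the baseline list, the simplified event fields, the sample events and the 0.85 similarity threshold are all assumptions.

```python
from difflib import SequenceMatcher

# Windows Security event IDs: 4720 = user account created, 4698 = scheduled task created.
ACCOUNT_CREATED, TASK_CREATED = 4720, 4698

# Constructed baseline of legitimate accounts (assumed to be exported from the directory).
KNOWN_ACCOUNTS = {"Administrator", "svc_backup", "helpdesk", "jsmith"}

# Constructed sample events with simplified field names (not real log data).
SAMPLE_EVENTS = [
    {"id": 4720, "host": "DC01", "target": "Adminstrator", "actor": "jsmith"},
    {"id": 4720, "host": "DC01", "target": "svc_backup1", "actor": "jsmith"},
    {"id": 4720, "host": "WS17", "target": "mgarcia", "actor": "helpdesk"},
    {"id": 4698, "host": "DC01", "task": "\\UpdateCheck", "actor": "Adminstrator"},
    {"id": 4698, "host": "WS17", "task": "\\Defrag", "actor": "helpdesk"},
]

def normalize(name):
    """Fold case, look-alike characters and separators before comparing names."""
    folded = name.lower().translate(str.maketrans("01$5", "olss"))
    return folded.replace("_", "").replace("-", "")

def similarity(a, b):
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def closest_known(name, known, threshold=0.85):
    """Return the baseline account that `name` imitates, or None."""
    if name in known:
        return None
    best = max(known, key=lambda k: similarity(name, k))
    return best if similarity(name, best) >= threshold else None

def triage(events, known):
    """Flag look-alike account creations and scheduled tasks created by those accounts."""
    findings, suspects = [], set()
    for ev in events:
        if ev["id"] == ACCOUNT_CREATED:
            twin = closest_known(ev["target"], known)
            if twin:
                suspects.add(ev["target"])
                findings.append((ev["host"], "lookalike-account", ev["target"], twin))
        elif ev["id"] == TASK_CREATED and ev["actor"] in suspects:
            findings.append((ev["host"], "task-by-lookalike", ev["task"], ev["actor"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, KNOWN_ACCOUNTS):
        print(finding)
```

Ordinary new accounts such as `mgarcia` pass unflagged because they are not close to any baseline name; the threshold would need tuning against a real directory's naming scheme.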

In April, the FBI and CISA issued warnings about actively exploited vulnerabilities in Fortinet equipment, and in July authorities placed the Fortinet flaws among the top 30 exploited vulnerabilities.

Separately, on Wednesday, Microsoft issued its own warning about six Iranian groups that were using vulnerabilities in the same pair of products to spread ransomware.

The cited Exchange vulnerabilities, known as ProxyShell, were initially exploited by Beijing-backed hackers.
